Zango Confirmed Sponsors List
 

As mentioned here http://www.greenguysboard.com/board/...0&postcount=57
Its time to stop wallowing in this and take action to make sure the sponsors that are benefitting from this are removed from our sites

CAUTION - only post sponsors that you can PROVE - and show the proof - and this is not limited to Zango - any toolbar installer that will screw the original referrers aff codes or ignore them or hijack a surfers computer is included

Probably should also add that this includes any sponsor that accepts sales from the keywords you bid on through zangocash - which is quite an impressive list of sponsors to say the least

This is not a new problem - although it is affecting the adult world more now that myspace users have been hit with the installs and evidently the company (in its various forms) has been around for some time. I saw that both CJ and the other large mainstream aff companies have had their affiliates battling this since at least 2004 with many large affiliate programs actually taking action to remove the affiliates from their rolls - and it would be the right action for these adult companies to take as well, however some may not know, as well as some may ignore the problem as they dont realize they are losing money

How would I begin the hunt on my end? Is there any way I can find and identify sponsors/sites without installing the fuck-ware on my own system?

- Do some sampling/logging of your surfers to see how many are infected.
- Display a warning to the surfers that they are infected.

Sponsors could do some similar testing at their end to set red flags for possible theft. Too many sales wirh the flag would warrant back checking the referring URLs to check for modified links. If they catch anyone, they should file criminal charges against the affiliate, and Zango, not just suspend the account.

It is a great idea... and too important to ignore the benefits to be gained from a possible cooperation to hunt them down together with the members of another webmaster forum so I posted there about your plan Linkster and was proposing this cooperation as well.

http://www.askdamagex.com/showpost.p...75&postcount=9

Hope this helps.

Digifan - I appreciate that and I have also asked over on GFY (and am asking publicly here) if we can all put aside board ideologies for a little bit to cooperate on this one as it affects everyone - to the tune of 200,000 new surfers in primarily the US every day

Linkster, great initiative! If you guys already have a list started, please point me to the thread and I will also link to it from ADX.

I'm glad it can be worked out and will be for sure |thumb

good stuff |headbang|

I guess we should start this list with NetFlix
This thing runs a lot deeper than just adult sponsors.
http://www.1source4.info/0504-hb2-netflix/netflix1.wmv
OK, I just terminated my netflix accounts...who's with me?

Never promoted them in the first place, so I guess that's a very good start. :D

I still can't get that wmv to play. I get an error message that the host doesn't support streaming. But when I read about Netflix on this page it seems to be saying they're a victim of Zango.

I never did either but you don't want to buy from them either, do you?

I stuck the code on a couple of pages and will add it to more over time. For now I have it linking to a blank image. I'll play with it more and see if I can't come up with some creative uses.

If anyone has a "Zango removal procedure" page I'll gladly link to it. If not, I'll just have to find/write my own. :)

The movie is exactly as they explain it. And, I get what both you and thta page is saying. So, either an affiliate of netflix bought the traffic from Zango or Netflix itself bought the traffic. I found a page listing a partial list of Zango clients.
http://www.benedelman.org/spyware/images/180-jan06/
You are probably right...it probably is an affiliate buying traffic from them.

So, you know what we can expect from any sponsors accused of using zango, right? "It was an affiliate and we have terminated their account".

I did also read that yahoo used them up until last year. Here is a good page about the owners of Zango. http://www.benedelman.org/spyware/180-affiliates/

And here is how to remove the software...
http://www.2-spyware.com/remove-zangosearch.html

I found a list of domains and programs that vango dont target, http://www.benedelman.org/spyware/18...xclusions.html and did a bunch of hunting and couldnt find the ones they do target

Working on one now for my blogs and would be more than happy to share.

Any sponsor allowing affiliates to generate sales via Zango is just as guilty as the affiliates themselves, if they know about it.

Here is a link to check if you are infected or not,
http://sharkideas.com/zango-test/
and another link to how to remove it,
http://www.symantec.com/security_res...519-99&tabid=3

PS You are awesome jim :D

That's the thing, how do you prove they know about it? Sure, once a list is gathered, they have been warned. But until then, you never know the truth. That is, unless you are stupid and admit to it by saying we had to do it to compete. At first look, it looked as though netflix was stealing traffic that bestbuy bought a commercial for. But, after further investigation, it seems maybe netflix knew nothing about it. I truthfully think the only winners in this thing is zango.

Webmasters and sponsors both are going to be hurt before this is over. I have said this in private and I will say it now...the answer is to build a better mousetrap. We already know how to tell if a surfer has the toolbar installed. It can't be hard to do something with these surfers knowing that. Hell, just redirecting these people with the toolbar to a page letting them know they have adware and how to uninstall it will help greatly. Not to mention a decent programmer that can write a program that will disable the toolbar.

After reading a list of the investors, we are the proverbial David fighting Goliath. We need to work smarter, not harder.

Hmmm.... would id be ok to make a popup window on free sites that we submit (the popup window being the Zango test thingy) that way, every surfer that visited that particular free site would be notified if they were infected.

Probably not necessary, if the linklist owner himself has already put a user agent checker in place and redirects all Zango-infested traffic to a different page. That traffic will likely not see your free site to begin with.

Jim, I agree on the better mousetrap thing. I'm gonna give this some thought, see what I can come up with.

DamageX, like I said, even a simple redirect page that would say, "Your computer has been infected by an adware program." Scare the shit out of the surfer by saying these people now know where you have been and what you are doing. And then give them a way to uninstall the toolbar. Also, recommend some anti adware software for future attacks. That alone would probably stop the problem by probably 30% or more. It really doesn't matter what you do to someone with the toolbar...you aren't going to make money from them anyway.

I truthfully only learned today that an affiliate could use this software. It does seem to be in the best interest of everyone to get some software up and running to put an end to it.

We will work on something as well.

Just so that there is some basic understanding here:
First zango does run an affiliate program of their own called zangocash - which allows affiliates to make money off of installs
They also work with publishers/sponsors to provide content based on keyword searches and highlighting certain words on a web page
On top of that they work with anyone that will bid on certain search terms PPC which is where I think sponsors are most vulnerable - I can sign in right now and bid on cams dot com - and put my own ad on the surfers browser even if Im not cams dot com - I can also pop any other aff programs ad for that PPC ad - so if I were say promoting another personals/cams program I could pay to have their console with my aff code show up
Second - Zango is a small part of a much larger problem - there are somewhere around 400 programs that do this same thing - while zango has received a lot of attention because of their recent myspace attention - the ad I saw said basically "to view adult content on myspace - click here" which then installed zango - and explains part of the high rate of installations recently

As far as the idea of redirecting to a removal page - I have two problems - while we should be informing surfers - which is easy to do with a java popbox and a link imbedded in that box to take them somewhere to remove it
We should not be trying to sell them off to a removal program as most of those also install another program/toolbar
We also should not be pushing most of these removal programs as they also block cookies which defeats a good 50% of the affiliates we do use normally

Just some things to start thing about

Time to form our own organization to combat these sorts of threats as they arise?

Could start with a group responsible for handling and verifying anonymous tips (seems to work well with the ASACP?), another group deals with technical/creative solutions to the threat, and a third disseminates information to all parties concerned about how to deal with threat. |huh

Obviously this sort of problem isn't going to go away if/when Zango's tamed... so why not lay down the groundwork now and create a system which treats it as such? The collaboration of ideas here, now, is really refreshing, but a more permanent system might be more efficient in the long run.

I nominate myself as the official whipping boy! :D

Just gotta think about funding now... money is a great motivator, afterall. |loony|

And Jim I think you make a good point about not turning this into a money making scheme to exploit the surfers. It's not in our best interest to turn them off from our valiant efforts to make the web a safe and fun place because of short sighted thinking... like the people at Zango practice. |sad|

Yeah, I'm not talking at all about this being a money making deal. All I want to do is to educate the surfer. I don't think a popup is going to do the job. If they have zango installed, they are used to popups already. They were probably used to them before. This has to be a big surprise to them. Like I said, with zango installed, you are not going to make money from them anyway...so why not redirect them to a page that explains what has been done to them. Linkster, I have seen the same list of adware programs out there. So, we need to let them know that all cookies are not bad cookies. There is plenty of good software out there that will allow non-malicious cookies to be installed while stopping adware programs.

Right now, the issue is zango. We have a step by step guide on how to remove zango here.

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zanu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Zango [application name]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5B57AB3-15F8-43A2-ABAC-3E58A9C25818}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[game name]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zango [application name]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zanu
HKEY_LOCAL_MACHINE\SOFTWARE\zanuHKEY_CURRENT_USER\Software\zanu
Help: how to remove registry entries

Delete files:
installershell.exe, zangoinstaller.exe, zanu.exe

Delete directories:
C:\Program Files\ZangoClient
C:\Program Files\Zango Applications
C:\Program Files\Zango Games
C:\Documents and Settings\[Current User]\Application Data\Zango [application name]
C:\Documents and Settings\[Current User]\Start Menu\Programs\Zango
C:\Documents and Settings\[Current User]\Start Menu\Programs\Zango Games

Misc:
[application name] is a name of a program installed by ZangoSearch.
[game name] is a name of a computer game installed by ZangoSearch.

We can just put those instructions on a page and offer unpaid links to good anti adware software. We can even have a single hosted page on it's own domain someplace that everyone trusts with a cool Anti-Zango and a circle with a line across it. And then at the bottom of the page, a "Back to the Page You Were On" link.

As other adware programs pop up that hurt this business, we can add the same type of pages that will give instructions again.

Above all, like most things...education is the key to this problem.

Now, if some programmer can come up with a way to do this with software that can be easily edited when the time is needed for other software, that would be great.

Count Oprano in on support as well.

Post the list and I will do what I do best.

PISS!

I was thinking about that when I said that criminal charges should be filed. Just terminating a house account don't work too good then. No wiggle room!

Trying to equate it to the real world, I see zango as being the thief, and the affiliate as receiving stolen goods. Now if one was to file charges against both, the affiliate might be out of reach in a different country. But, we all know where zango lives.

And as far as Goliath, I wonder how long they would hang around if some smart attorney files under RICO.

I wish that were true tickler but they were suied by both bestbuy and netflix and won. It appears by zango telling the surfer what they are doing, they have themselves covered.

I believe I found a removal tool
I am going to get a page setup that warns the surfer that they have been infected and place a link to the removal tool after I install zango and see if it truly removes it.
Here is the tool...just in case someone already infected can check it out first.
http://411-spyware.com/remove/zango-toolbar/

Nevermind...it wants to get rid of cookies as well.

I imagine that quite a few people run phpAdsNew or banner rotation scripts with similar features. One such feature is to block/display promos according to user agent (ZangoToolbar) which can be useful in this particular fight.

Estimates as to how many PC's are infected with scumware seem to be running from about 0.5% to 3% for Zango alone (and there are 20+ similar scumware installers). That represents a heck of a lot of surfers, although obviously leaves room for overkill. I have seen some people suggesting blocking/redirecting infected surfers completely and I think that definitely qualifies. I'm dubious about the effectiveness of most of the warnings suggested, because they not only require the surfer to believe you and care, but also he must copy a URL into an address bar (possibly the very one in which he was viewing your site).

The point is that not every promo on a page is going to make a popover appear, therefore it seems like a good first step to install scumware on a spare PC and check your sites to see which promos are affected. Then either swap them for others which are not, or if you have the right banner software, set it to show "infomercials" in place of affected promos to infected visitors.

Written to sound sincere and not as if they are selling something or offering something as bad, they could be as effective as alerts and I suspect if someone has voluntarily clicked a link, he will be more likely to follow the suggestions made on the page to which you send him.

I think I'm stating the obvious, but using lots of well-known names to alert infected users would help a lot - names that surfers already trust.
"This is a critical security alert from insert lots of names here" followed by the important removal information.

I am also thinking of including many quotes from anti-adware/spyware blogs and trusted sites. I have been doing a ton of research and have read a lot of things that just make me scratch my head. Zango actually started a lawsuit against Zone Alarm. Zone Alarm doesn't know why it ended but...DAMN.
http://download.zonelabs.com/bin/fre...2006/pr_1.html

This looks like a perfect quote from Zone Alarm
"Zango is attempting to monitor user activities on your computer. If allowed it may try to track or log keystrokes (user input), mouse movements/clicks, Web sites visited, and other user behaviors."

Here's the businessweek article that was on the frontpage a month or so ago about the spyware companies, they are all in NYC in a loft:

http://www.businessweek.com/magazine...tm?chan=search

they have a few more articles now

Excellent to see that so many are coming out to find ideas of how to deal with this issue |thumb

I'm about to start up a business locally...going into peoples homes to clean and secure their systems, then educate them a bit on why this happened and how to avoid it in the future. So, I probably won't have much input here...as I'm busier than a one legged man in an ass kicking contest as it is. But, I will be following these threads and contributing when possible :)

On that subject, be careful of linking to or suggesting spyware removers...unless it happens to be a major player in the spyware scanner market. Recent research has confirmed something I ran into several months ago on someones system. Some of these new spyware removers are spyware or ransomeware themselves |banghead|

I have no idea of the ownership of the 411 spyware link you posted Jim, but that site looks pretty spammy and the domain was just registered in June...I'd be very skeptical of downloading their product.

Zone Alarm has been around for years, but I've always found and confirmed as recently as this weekend that it still slows a system...especially on reboot. Also, its real claim to fame is that it blocks outbound unknown connections. While that may sound impressive, personally I think at that point the battle is lost...as the infection is already on the machine...obviously having gotten past the ZA firewall.

Personally, I believe that a solid reputable spyware scanner/virus scanner/software firewall and hardware firewall are all that's needed to keep a system clean. Of course, combined with some education on the do's and don't's of computing. It's not unlike driving a car, surfers need to learn how to use their computers safely. Which is why I'm going to start a sideline business...from the research I've done locally, I think I'm gonna be very VERY busy!

Be carefull what kind of anti-adware programs you recommend/promote. Most of them block/delete cookies, so promoting them = shooting yourself in the foot.

(a good one: Spybot S&D: http://www.safer-networking.org/)

The page is actually promoting nothing. As more adware software is found and we have an htaccess file for it, I will make a new directory with removal instructions.

For now, this is what I have
http://www.adwaresucks.com/zango/
You can pick up the htaccess file here.
http://www.adwaresucks.com/zango/zangohtaccess.txt

Use it if you would like. I will make a few changes but nothing that will ever hurt your traffic.

Guys, sponsors using hardlink code should be ok ?

I mean http://www.bigtitswhatever.com/reseller1/ can't be changed ?

Hummm shit forget about it, i think they can change it, damn

I believe that only concerned the installs on the surfers PCs, and maybe sponsor trademarks. I was thinking when I wrote that more along criminal lines like fraud/theft. To me it should be as simple as calling the cops, but, I suppose since they are in the US that a ciminal lawyer from there could give you better ideal.

Will76 posted a screen shot(showing a zango affiliates PPC page) on another board showing some of the sponsor targeting. Hope nobody uses dating/cams sponsors much.
http://board.adultinsider.com/showpo...6&postcount=26

I don't see a lot of sponsors posting, maybe they just consider it a wash whether they pay one affiliate or another as long as they still get traffic and sales. There was a post over on B&B explaining that all the sponsors typein traffic/upsells could also be targeted. Instead of making 100% off a typein sale, they can end paying a zango affiliate the 50-60%/$30-35 instead.


Some additional links:
What we learned about 180solutions (aka Zango & MetricsDirect)
http://www.spywarewarrior.com/elh/180-summ.htm

A whole sub-forum about Zango:
http://forum.abestweb.com/forumdisplay.php?f=173
or click up one level for a bunch more sub-forums about other shitware.
http://forum.abestweb.com/forumdisplay.php?f=161